New! Magnetic Phone Grips For All Handheld Devices - See Video.
Source PPAI Media August 2021 - 3 Minute Read
Promotional products businesses have learned to be on the lookout for scams and fraudulent orders.
Industry professionals are generally quite vigilant, but scammers can slip through the tightest defenses. A recent example is distributor Promotional Marketing Services in Athens, Georgia, which unexpectedly fell victim to a sophisticated phishing email scam that took time, effort and money to resolve.
In this case, hackers took over the company’s email system and sent out an email—with a staff member’s signature to give it more credibility—with a subject line requesting an RFP. The embedded link went to an Adobe Spark link that, while looking legitimate, contained a virus. The hackers used their email list to send out more than 1,600 messages and, to keep the company from being aware of the intrusion, added a rule to the email setting that automatically marked incoming messages as “read” and moved them to the “deleted” folder. This type of exploit escapes firewalls because it comes from a trusted email address and Adobe Spark is widely considered a trusted product. When email recipients began responding with questions, like “Is this a valid email?” the hackers would respond as if they were the company, assuring them it was valid.
“It seems that the hackers want access to the email addresses although I'm not sure for what purpose,” says Lori Lord, president and owner of Promotional Marketing Services. “As a distributor already dealing with additional work with the supply chain issues, I spent two days and a great deal of money to deal with this.”
Lord inadvertently discovered the scam when phone calls began coming in. “My team and I were meeting for our monthly luncheon and our office line began to ring a lot. The calls were coming in to ask about this email they had received. So, we immediately knew something was wrong. The first thing we did was change our voicemail message to explain what happened, and then we sent an eblast to our entire contact list letting them know we were hacked and not to open this email,” she says.
“Next was the call to GoDaddy Office 365. They manage our Microsoft emails accounts, and I was lucky enough to get an awesome rep on the line who spent an hour and a half with me, walking me through the process of digging into the deep settings of our email accounts—we have four—and determining what was happening. Between the time on the phone and the cost of the additional protection we added to our accounts, it was approximately $1,000 to resolve. Then came the task of contacting all of the clients and suppliers whose systems had blocked our emails from coming into their servers. That was more time, energy and delays in getting orders processed. It was a domino effect of the hacking event, and we are still dealing with some of that now.”
Lord also notes, “While I was talking to the GoDaddy rep, he asked me what industry I was in. When I told him, he said that he had just talked to another person in the same industry who had something similar happen. So, is the promo industry being targeted by these hackers?”
A previous PPB article, “Scammers Vs. The Promo Industry,” outlined some of the ways scammers prey on promotional products companies and how industry businesses can respond. In general, here are a few things to look out for whenever doing business online:
Email Scams Continue To Prey On Promo Businesses